#VU93453 Improper error handling in Linux kernel - CVE-2024-27025
Vulnerability identifier: #VU93453
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-388
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nbd_genl_status() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e
https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced
https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797
https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8
https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983
https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf
https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a
https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
